[官方已更新]改时间病毒（123杀不了）

显示全部楼层 · 发表于 2007-10-30 20:45:32

原帖由 <i>yueying18</i> 于 2007-10-30 20:23 发表 <a href="http://bbs.kafan.cn/redirect.php?goto=findpost&pid=1977927&ptid=150071" target="_blank"><img src="http://bbs.kafan.cn/images/common/back.gif" border="0" onclick="zoom(this)" onload="attachimg(this, 'load')" alt="" /></a><br />
我下了一个255都没有报哦,能不能解决一下,呀

<br />
删除C:\WINDOWS\SYSTEM32\EB3FC60C.EXE

显示全部楼层 · 发表于 2007-10-30 22:17:31

Begin scan in 'C:\Documents and Settings\Administrator\桌面\auto.rar'
C:\Documents and Settings\Administrator\桌面\auto.rar
  [0] Archive type: RAR
  --> auto.exe
   [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
   [WARNING] The file was ignored!

显示全部楼层 · 发表于 2007-10-30 22:41:26

小a又反应！不让下！

显示全部楼层 · 发表于 2007-10-30 22:43:17

auto.exe居然利用winlogon.exe，

winlogon.exe再利用Explorer.EXE下載了16隻

auto.exe下載的病毒載點：
http://www.badongo.com/file/4944207

llk1193750650.h的結構

[update]
ver=2007103020
url=http://nx.51ylb.cn/soft/soft/e47e57844ef30ab4.exe
updatetimer=120
[startpage]
startpage=0
url=sssssssssssssssssss
[desktop]
desktop=0
count=1
title1=免费网络电话
url1=http://skype.tom.com/download/archive/01400974/SkypeClient.exe
[file]
file=1
file1=http://222.73.247.201/mh0618.exe
filename1=ffsea1.exe
ftime1=3
file2=http://222.73.247.201/my0616.exe
filename2=ffsea2.exe
ftime2=3
file3=http://222.73.247.131/qj0617.exe
filename3=ffsea3.exe
ftime3=3
file4=http://222.73.26.9/tl0619.exe
filename4=ffsea4.exe
ftime4=3
file5=http://222.73.247.131/wow0617.exe
filename5=ffsea5.exe
ftime5=3
file6=http://222.73.247.202/wd0618.exe
filename6=ffsea6.exe
ftime6=3
file7=http://220.189.255.29/dh0616.exe
filename7=ffsea7.exe
ftime7=3
file8=http://220.189.255.29/qqsg.exe
filename8=ffsea8.exe
ftime8=4
file9=http://222.73.247.202/jh0619.exe
filename9=ffsea9.exe
ftime9=4
file10=http://222.73.254.67/zt0616.exe
filename10=ffsea10.exe
ftime10=4
file11=http://220.189.255.29/wl0618.exe
filename11=ffsea11.exe
ftime11=4
file12=http://222.73.26.9/dh3.exe
filename12=ffsea12.exe
ftime12=4
file13=http://222.73.247.201/cq0619.exe
filename13=ffsea13.exe
ftime13=4
file14=http://220.189.255.29/cs0619.exe
filename14=ffsea14.exe
ftime14=4
file15=http://222.73.254.67/mj.exe
filename15=ffsea15.exe
ftime15=4
count=15
[count]
count=0
mecount=0
url=http://nx.51ylb.cn/soft/count/count.asp

显示全部楼层 · 发表于 2007-10-30 22:46:32

聽說最新版的卡巴可以防禦"修改時間"！

显示全部楼层 · 发表于 2007-10-30 22:56:13

运行之尝试挂起系统及程序进程
系统盘写EXE 注册服务修改时间

显示全部楼层 · 发表于 2007-10-30 22:59:15

C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » n1193750671k.exe - a variant of Win32/TrojanDownloader.Flux trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375081515.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937507981.exe - a variant of Win32/PSW.Agent.NEC trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508002.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508013.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508024.exe - Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508035.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508046.exe - Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508067.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508078.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k11937508089.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375080910.exe - Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375081011.exe - a variant of Win32/PSW.OnLineGames.YA trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375081212.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375081313.exe - a variant of Win32/PSW.WOW.WU trojan
C:\Documents and Settings\Don johnson\桌面\DLOAD.rar » RAR » k119375081414.exe - Win32/PSW.WOW.WU trojan

显示全部楼层 · 发表于 2007-10-31 14:24:41

微点砍掉

显示全部楼层 · 发表于 2007-11-1 13:37:25

只能一个一个的杀了。

[病毒样本] [官方已更新]改时间病毒（123杀不了）

本帖子中包含更多资源

本帖子中包含更多资源

16个全灭

本帖子中包含更多资源